Updating cicd #169
Updating cicd #169
Conversation
Co-authored-by: Ivan Fernandez Calvo <kuisathaverat@users.noreply.github.com>
|
@elastic/ci-robots Could you review this one? |
|
There are a lot of files in this PR that are specific to this repo's custom functionality, except for the |
# Conflicts: # .github/workflows/release.yml
.buildkite/release.yml
Outdated
| - uses: elastic/apm-pipeline-library/.github/actions/github-token@current | ||
| with: | ||
| url: ${{ secrets.VAULT_ADDR }} | ||
| roleId: ${{ secrets.VAULT_ROLE_ID }} | ||
| secretId: ${{ secrets.VAULT_SECRET_ID }} | ||
| - uses: elastic/apm-pipeline-library/.github/actions/setup-git@current | ||
| with: | ||
| username: ${{ env.GIT_USER }} | ||
| email: ${{ env.GIT_EMAIL }} | ||
| token: ${{ env.GITHUB_TOKEN }} |
There was a problem hiding this comment.
Sorry if I created any confusion.
However, this is GH workflow syntax. This won't work in a buildkite pipeline.
There was a problem hiding this comment.
Here is example on how secrets are currently acquired from vault.
apm-agent-android/.ci/release.sh
Line 62 in b425386
You would need to get the token in the same manner.
Unfortunately, I don't know if there is a token for apmmachine stored in the ci vault.
@elastic/observablt-ci anyone of you knows how to get the secret for apmmachine in buildkite?
There was a problem hiding this comment.
Oh! I see, tbh I thought it seemed too easy to be true 😅 - I've been mostly looking at how this has been done in the Java Agent repo. And after a closer look, it seems like the code change pushed into main is done outside of Buildkite, so I'm thinking that maybe that can be done here as well, in case getting this token inside Buildkite might not be worth the trouble... So I'll take a look at that alternative in the meantime, cheers.
There was a problem hiding this comment.
@elastic/observablt-ci anyone of you knows how to get the secret for
apmmachinein buildkite?
Buildkite can retrieve secrets from another vault.
I will send the documentation by DM since it's internal.
There was a problem hiding this comment.
I just moved the post-deploy command to the GH release.yml file here alongside the GIT auth set up as well, I think it should work. Any thoughts @reakaleek @amannocci ?
There was a problem hiding this comment.
I've added a new GH action job that should run after the release has been successful. In this new job we should do the version bump and changelog update and it should all get pushed straight into the main branch. I think it should work the way I wrote it, if there are any issues please let me know @amannocci @reakaleek - Otherwise I'm planning to merge this by the end of this week and apply future adjustments if needed since this PR has been open for too long now.
There was a problem hiding this comment.
I think you need to set waitFor to true
so this works as expected
There was a problem hiding this comment.
Another thing I noticed:
pushing to protected branches does not work out of the box in github actions.
You need to use a GH Personal Access Token that has elevated permissions.
There was a problem hiding this comment.
You can find an example job here with the necessary setup to do pushing to a protected branch:
https://github.com/elastic/apm-agent-java/blob/main/.github/workflows/release.yml#L128-L151
Also, we need to add @apmmachine as a collaborator with a role that is able to bypass branch protection.
There was a problem hiding this comment.
Many thanks @reakaleek - I've just updated the job based on your suggestions. I hope it's better now. I'm not sure if @apmmachine already has that ability in this repo, although if that's not the case I'd request for it later.
# Conflicts: # agp-compatibility/agp-compatibility-7-2/metadata/notice.properties # agp-compatibility/agp-compatibility-7-3/metadata/notice.properties # agp-compatibility/agp-compatibility-api/metadata/notice.properties # android-common/metadata/notice.properties # android-instrumentation/metadata/notice.properties # android-plugin/metadata/notice.properties # android-sdk-ktx/metadata/notice.properties # android-sdk/metadata/notice.properties
…ne to push changes straight into the main branch
.github/workflows/release.yml
Outdated
| token: ${{ env.GITHUB_TOKEN }} | ||
| - uses: actions/checkout@v3 | ||
| with: | ||
| ref: ${{ env.TAG_NAME }} |
There was a problem hiding this comment.
I guess this is a copy paste error. I think this should be something different.
maybe inputs.branch_specifier or just hardcoded main?
There was a problem hiding this comment.
I didn't notice, thanks for the heads-up! It should be fine now.
No description provided.